Firewall Policy Configuring firewall policies
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 227
For information about how to create a firewall encryption policy for SSL VPN
users, see the “SSL VPN administration tasks” chapter of the FortiGate SSL VPN
User Guide.
Options to check FortiClient on hosts
On the FortiGate model 1000A, 3600A, and 5005FA2, firewall policies can deny
access for hosts that do not have FortiClient Host Security software installed and
operating. This feature can detect FortiClient software version 3.0 MR2 or later.
Figure 126:FortiClient Host Security check options
SSL Client
Certificate
Restrictive
Allow traffic generated by holders of a (shared) group certificate. The
holders of the group certificate must be members of an SSL VPN user
group, and the name of that user group must be present in the Allowed
field.
Cipher Strength Select one of the following options to determine the level of SSL
encryption to use. The web browser on the remote client must be
capable of matching the level that you select:
• To use any cipher suite, select Any.
• To use a 164-bit or greater cipher suite, select High >= 164.
• To use a 128-bit or greater cipher suite, select Medium >= 128.
User
Authentication
Method
Select one of the following options:
• If the user group that will be bound to this firewall policy is a local user
group, select Local.
• If the remote clients will be authenticated by an external RADIUS
server, select Radius.
• If the remote clients will be authenticated by an external LDAP server,
select LDAP.
• Select Any to enable all of the above authentication methods. Local is
attempted first, then Radius, then LDAP.
Available Groups Select the name of the user group requiring SSL VPN access, and then
select the right-pointing arrow. Do not select more than one user group
unless all members of the selected user groups have identical access
requirements.
To Next Page
Loading...
Need help?
General